Friday, June 26, 2020

Invoke-WebRequest can work when curl doesn't

I'm working on a Node JS app hosted in Namecheap's shared hosting. I rigged up a test POST endpoint to make sure I configured everything correctly then tried to access it with a cURL invocation on the command line. That failed with a 404 and an Express message stating that it couldn't GET a document that looks likely to be used for 403 Forbidden errors. (It took an unfortunate amount of time to realize that it was an Express error page - I first assumed requests weren't being routed to the Node JS app at all.) Bizarrely, the equivalent Invoke-WebRequest command in PowerShell worked. It looks like cURL's request offended a "security" feature provided by Namecheap. Specifically, it provided different headers:

POST /endpoint HTTP/1.1
Host: example.com
User-Agent: curl/7.55.1
Accept: */*

In contrast to PowerShell's request:

POST /endpoint HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1
Content-Type: application/x-www-form-urlencoded
Host: example.com
Content-Length: 0
Connection: Keep-Alive

No comments:

Post a Comment